<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
 <head>
  <meta http-equiv="content-type" content="text/html; charset=UTF-8">
  <title>Generate a HKDF key derivation of a supplied key input</title>
 </head>
 <body class="docs"><div id="layout">
  <div id="layout-content"><div id="function.hash-hkdf" class="refentry">
 <div class="refnamediv">
  <h1 class="refname">hash_hkdf</h1>
  <p class="verinfo">(PHP 7 &gt;= 7.1.2)</p><p class="refpurpose"><span class="refname">hash_hkdf</span> &mdash; <span class="dc-title">Generate a HKDF key derivation of a supplied key input</span></p>

 </div>
 <div class="refsect1 description" id="refsect1-function.hash-hkdf-description">
  <h3 class="title">说明</h3>
  <div class="methodsynopsis dc-description">
   <span class="methodname"><strong>hash_hkdf</strong></span>
    ( <span class="methodparam"><span class="type">string</span> <code class="parameter">$algo</code></span>
   , <span class="methodparam"><span class="type">string</span> <code class="parameter">$ikm</code></span>
   [, <span class="methodparam"><span class="type">int</span> <code class="parameter">$length</code><span class="initializer"> = 0</span></span>
   [, <span class="methodparam"><span class="type">string</span> <code class="parameter">$info</code><span class="initializer"> = &#039;&#039;</span></span>
   [, <span class="methodparam"><span class="type">string</span> <code class="parameter">$salt</code><span class="initializer"> = &#039;&#039;</span></span>
  ]]] ) : <span class="type">string</span></div>


 </div>

 <div class="refsect1 parameters" id="refsect1-function.hash-hkdf-parameters">
  <h3 class="title">参数</h3>
  <p class="para">
   <dl>

    
     <dt>
<code class="parameter">algo</code></dt>

     <dd>

      <p class="para">
       Name of selected hashing algorithm (i.e. &quot;sha256&quot;, &quot;sha512&quot;, &quot;haval160,4&quot;, etc..)
       See <span class="function"><a href="hash_algos.html" class="function">hash_algos()</a></span> for a list of supported algorithms.
       <blockquote class="note"><p><strong class="note">Note</strong>: 
        <p class="para">
         Non-cryptographic hash functions are not allowed.
        </p>
       </p></blockquote>
      </p>
     </dd>

    
    
     <dt>
<code class="parameter">ikm</code></dt>

     <dd>

      <p class="para">
       Input keying material (raw binary). Cannot be empty.
      </p>
     </dd>

    
    
     <dt>
<code class="parameter">length</code></dt>

     <dd>

      <p class="para">
       Desired output length in bytes.
       Cannot be greater than 255 times the chosen hash function size.
      </p>
      <p class="para">
       If <code class="parameter">length</code> is <em>0</em>, the output length
       will default to the chosen hash function size.
      </p>
     </dd>

    
    
     <dt>
<code class="parameter">info</code></dt>

     <dd>

      <p class="para">
       Application/context-specific info string.
      </p>
     </dd>

    
    
     <dt>
<code class="parameter">salt</code></dt>

     <dd>

      <p class="para">
       Salt to use during derivation.
      </p>
      <p class="para">
       While optional, adding random salt significantly improves the strength of HKDF.
      </p>
     </dd>

    
   </dl>

  </p>
 </div>


 <div class="refsect1 returnvalues" id="refsect1-function.hash-hkdf-returnvalues">
  <h3 class="title">返回值</h3>
  <p class="para">
   Returns a string containing a raw binary representation of the derived key
   (also known as output keying material - OKM); or <strong><code>FALSE</code></strong> on failure.
  </p>
 </div>


 <div class="refsect1 errors" id="refsect1-function.hash-hkdf-errors">
  <h3 class="title">错误／异常</h3>
  <p class="para">
   An <strong><code>E_WARNING</code></strong> will be raised if <code class="parameter">ikm</code>
   is empty, <code class="parameter">algo</code> is unknown/non-cryptographic,
   <code class="parameter">length</code> is less than <em>0</em> or too large
   (greater than 255 times the size of the hash function).
  </p>
 </div>


 <div class="refsect1 examples" id="refsect1-function.hash-hkdf-examples">
  <h3 class="title">范例</h3>
  <p class="para">
   <div class="example" id="example-893">
    <p><strong>Example #1 <span class="function"><strong>hash_hkdf()</strong></span> example</strong></p>
    <div class="example-contents">
<div class="phpcode"><pre><span style="color: #000000">
<span style="color: #0000BB">&lt;?php<br /></span><span style="color: #FF8000">//&nbsp;Generate&nbsp;a&nbsp;random&nbsp;key,&nbsp;and&nbsp;salt&nbsp;to&nbsp;strengthen&nbsp;it&nbsp;during&nbsp;derivation.<br /></span><span style="color: #0000BB">$inputKey&nbsp;</span><span style="color: #007700">=&nbsp;</span><span style="color: #0000BB">random_bytes</span><span style="color: #007700">(</span><span style="color: #0000BB">32</span><span style="color: #007700">);<br /></span><span style="color: #0000BB">$salt&nbsp;</span><span style="color: #007700">=&nbsp;</span><span style="color: #0000BB">random_bytes</span><span style="color: #007700">(</span><span style="color: #0000BB">16</span><span style="color: #007700">);<br /><br /></span><span style="color: #FF8000">//&nbsp;Derive&nbsp;a&nbsp;pair&nbsp;of&nbsp;separate&nbsp;keys,&nbsp;using&nbsp;the&nbsp;same&nbsp;input&nbsp;created&nbsp;above.<br /></span><span style="color: #0000BB">$encryptionKey&nbsp;</span><span style="color: #007700">=&nbsp;</span><span style="color: #0000BB">hash_hkdf</span><span style="color: #007700">(</span><span style="color: #DD0000">'sha256'</span><span style="color: #007700">,&nbsp;</span><span style="color: #0000BB">$inputKey</span><span style="color: #007700">,&nbsp;</span><span style="color: #0000BB">32</span><span style="color: #007700">,&nbsp;</span><span style="color: #DD0000">'aes-256-encryption'</span><span style="color: #007700">,&nbsp;</span><span style="color: #0000BB">$salt</span><span style="color: #007700">);<br /></span><span style="color: #0000BB">$authenticationKey&nbsp;</span><span style="color: #007700">=&nbsp;</span><span style="color: #0000BB">hash_hkdf</span><span style="color: #007700">(</span><span style="color: #DD0000">'sha256'</span><span style="color: #007700">,&nbsp;</span><span style="color: #0000BB">$inputKey</span><span style="color: #007700">,&nbsp;</span><span style="color: #0000BB">32</span><span style="color: #007700">,&nbsp;</span><span style="color: #DD0000">'sha-256-authentication'</span><span style="color: #007700">,&nbsp;</span><span style="color: #0000BB">$salt</span><span style="color: #007700">);<br /><br /></span><span style="color: #0000BB">var_dump</span><span style="color: #007700">(</span><span style="color: #0000BB">$encryptionKey&nbsp;</span><span style="color: #007700">!==&nbsp;</span><span style="color: #0000BB">$authenticationKey</span><span style="color: #007700">);&nbsp;</span><span style="color: #FF8000">//&nbsp;bool(true)<br /></span><span style="color: #0000BB">?&gt;</span>
</span>
</pre></div>
    </div>

    <div class="example-contents"><p>
     The above example produces a pair of separate keys, suitable for creation of an
     encrypt-then-HMAC construct, using AES-256 and SHA-256 for encryption and
     authentication respectively.
    </p></div>
   </div>
  </p>
 </div>


 <div class="refsect1 seealso" id="refsect1-function.hash-hkdf-seealso">
  <h3 class="title">参见</h3>
  <p class="para">
   <ul class="simplelist">
    <li class="member"><span class="function"><a href="hash_pbkdf2.html" class="function" rel="rdfs-seeAlso">hash_pbkdf2()</a> - 生成所提供密码的 PBKDF2 密钥导出</span></li>
    <li class="member"><a href="http://www.faqs.org/rfcs/rfc5869" class="link external">&raquo;&nbsp;RFC 5869</a></li>
    <li class="member"><a href="https://github.com/narfbg/hash_hkdf_compat" class="link external">&raquo;&nbsp;userland implementation</a></li>
   </ul>
  </p>
 </div>


</div></div></div></body></html>